SWFUpload

!!! An XSS vulnerability (in SWFUpload) and a CSRF vulnerability (in Plupload) have been found in all SWFUpload libraries (2.2.0.1, probably earlier versions + the Beta version) and in Plupload versions lower than 1.5.4(?)!

Hash sums of the vulnerable swfupload.swf file:
CRC32: 5d875b2f
MD5: 3a1c6cc728dddc258091a601f28a9c12
SHA-1: 17c372678aafb3bc1a7b37320b5cc1d8af433527

Hash sums of the bug-fixed swfupload.swf file:
CRC32: 1a2edc65
MD5: c0e5c70af799aeb906b1bef3b11e9a8d
SHA-1: 7156a56ffa8a90589951637c8c2833e84f3e8d4b

https://nealpoole.com/blog/2012/05/x...load-plupload/
You can report any specific issues with SWFUpload to their site, as we do not work with or code their application. The issue was reported months ago: Issue 376 - swfupload - XSS via ExternalInterface.call - JavaScript & Flash Upload Library - Google Project Hosting. If you are really worried about it, all I can tell you to do is turn off the flash uploader.
What kills me is I searched for ExternalInterface, as that function, from reading on the net, is buggy, and saw this issue they respond to, yet the one posted above months ago they do not. Issue 257 - swfupload - Internet Explorer silently fails to initialize ExternalInterface callbacks when swfupload.swf is cached - JavaScript & Flash Upload Library - Google Project Hosting
More research, but it appears to me you're not going to see a fix for SWFUpload anytime soon. That flash uploader is a free source project and the last gold release was over 3 years ago.
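Added example, not part of the thread or of SWFUpload's own code: a Python scan of a web root that hashes every `.swf` file and compares it against the SHA-1 sums quoted in the first post, so renamed copies of the vulnerable file are caught too. The labels, the `unknown` category for a `swfupload.swf` with an unlisted hash, and the function names are assumptions of this example.

```python
import hashlib
import os
import sys

# SHA-1 sums copied from the first post in this thread.
KNOWN_SHA1 = {
    "17c372678aafb3bc1a7b37320b5cc1d8af433527": "vulnerable",
    "7156a56ffa8a90589951637c8c2833e84f3e8d4b": "fixed",
}


def sha1_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path, known=KNOWN_SHA1):
    """Label a file: 'vulnerable', 'fixed', 'unknown' build, or None if unrelated."""
    label = known.get(sha1_of(path))
    if label:
        return label
    if os.path.basename(path).lower() == "swfupload.swf":
        return "unknown"  # right name, hash not listed in the post: review by hand
    return None


def scan(root, known=KNOWN_SHA1):
    """Walk root and classify every .swf, so renamed copies are caught by hash."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".swf"):
                path = os.path.join(dirpath, name)
                label = classify(path, known)
                if label:
                    findings.append((path, label))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = scan(root)
    for path, label in results:
        print(f"{label:10} {path}")
    sys.exit(1 if any(label != "fixed" for _, label in results) else 0)
```

Run it with the web root as the only argument; the exit status is non-zero when any reported file is not the known-fixed build, which suits a cron or deployment check.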